Ann Arbor Business to Business
Small Business and the Internet

Spammed Again

March 2003

By Mike Gould

"They killed my reputation! Those bastards!"
     - South Pork

I am sooooo sorry. Remember that article I wrote last month extolling SpamArrest? How they save a list of your permitted email correspondents so that your friends' and colleagues' messages whiz right through the anti-spam system? Well, those SpamArresting spawn of Satan just used my list to send spam to all my buddies, advertising their business. If you received an email message that said "ADV: Enjoy a spam-free inbox" and have ever corresponded with me, my deepest apologies. Any lawyers out there interested in a nice meaty class-action suit?

Their website now apologizes for the action and promises it won't happen again. But I'm still kinda down about it. (sigh) It is indeed a jungle out there. (snort) &@#$ it ' Onwards.

Other means of fighting spam
At the end of our last exciting episode, I mentioned that my ISP was going to implement SpamAssassin, a domain-wide anti-spam (AS) solution that was supposed to block spam without my having to do anything. Unfortunately, that solution had its screws torqued a bit too tight and almost all of the email sent to mondodyne.com got rejected, including all of my wife's email. This is what we geeks call a Bad Thing (especially that part about the wife). The reasons for this are a bit complicated; suffice it so say the ISP wasn't willing to put in the man-hours necessary to make this work so it didn't. I turned it off.

More Geekspeak Explained
Before we go too much farther, a glossary is in order. Here are some terms I will be bandying about in order to help you evaluate the different AS applications and strategies out there:

White List ' This is a list of all the folks you permit to message you without their email hanging up in whatever anti-spam solution you use. (What got me into the trouble above). Better systems will allow you to simply dump your address book into this, instantly permitting all your regular correspondents.

Black List ' This is a list of known spammers provided by you or your AS company. Email from the bastards on the black list goes immediately into the bit bucket (the email equivalent of your trash), a process known as "blackholing".

Local ' On your computer, as opposed to on a server somewhere. Under your control.

Server 'based ' Opposite of local; a process that runs on your ISP's email system, for example. Beyond your control (mostly). Under the control of major geeks such as sysadmins (system administrators ' the folks you let you know when your email box is full, for instance).

False positive ' This is an email message that your AS application incorrectly flags as spam. This is often a good email with a bad subject ("Viagra Jokes") that lands in the bit bucket. The problem with SpamAssassin mentioned above was that all the email was false positive. I have a filter that blackholes messages with exclamation points in the subject and I have to monitor the bit bucket for messages from excitable friends. (But in my experience, 90% of such messages are spam).

False negative ' This is spam that slips through the system and hits your inbox. This can be the result of some new demonic scheme that uses a very innocuous subject and text to ply its evil.

Arms against Spam
So far I have explored 4 types of anti-spam strategies. In chronological order, these are:

Local, labor-intensive: My email application is Eudora, and I have hand-crafted a bunch of filters I use with this. I wrote about this back in June 2001; the article is at: http://mondodyne.com/b2b/smbiznet.40.html.

Server-based, labor-intensive: My experiences with the above never-to-be-sufficiently-damned SpamArrest, detailed here last month (2/03), viewable at: http://mondodyne.com/b2b/smbiznet.60.html

(Have I made sufficiently clear the dire perils involved in dealing with these bozos?)

Server-based, no labor at all: SpamAssassin. Unfortunately, no labor for you means a lot of labor for the sysadmin, and not all sysadmins are willing to spend the time getting this to work. I still feel this is the best solution, once it is supported properly. In my case I had no control over it, so I couldn't tweak the threshold settings, view the contents of the bit bucket or submit a white list. There is a locally-based version of SpamAssassin as well; I may try it.

Local, minimally labor intensive: Spamfire, my current solution.

Light my Spamfire
Spamfire is a product from Matterform Media. It runs under Mac OS X and a Windows version is in development. The site for this is http://www.matterform.com/.

Here's a brief explanation of the filter process, kindly provided by Michael Herrick of Matterform:

"Spamfire is a rule-based filter that checks different parts of the email for various known patterns. Of course, you can do this with the filters in most email programs but what makes Spamfire different is the "fuzzy- logic" or score-based component. Spamfire won't toss a message out just because it contains one suspicious keyword. Spamfire applies all the filters to all the messages, so the combination of many low-scoring patterns or a few high-scoring patterns will cause a message to be intercepted."

Great features: you can regularly download the latest filters which reflect the current state of spam out there. You can dump your address book to the white list. You can view the bit bucket. It works remarkably well, even catching the various nefarious Nigerian fraud spams out there.

And even better, they don't spam your correspondents because they don't know the contents of your white list; this is all handled locally from your computer, not theirs. I am running their 15-day free trial of this now.

I'm starting to cheer up.

MonodoDyne <M> The Sound of One Hand Clicking...
734 904 0659
Entire Site © 2016, Mike Gould - All Rights Reserved